I spent 15 years selling enterprise security solutions — working for some of the most recognized names in the industry. I’ve been in the rooms where deals get made, sat across from CIOs and CISOs who were doing their best to secure organizations under relentless pressure, and watched the same cycle repeat itself hundreds of times: a new platform gets purchased, a new vendor gets onboarded, and six months later, the problems that prompted the purchase are still there.
The tool worked. The system around it didn’t.
I left that world because I kept seeing something that nobody wanted to say out loud: technology is being treated as the whole answer to problems it can only partially solve. And the industry conversation — shaped almost entirely by the companies with the biggest marketing budgets and the loudest voices — has made it harder, not easier, for CIOs and CISOs to see the full picture.
I’m writing this because I think it’s time that changed. And I think the people best positioned to change it are the ones who’ve been quietly doing the work all along — the managed service providers and managed security service providers who walk into their clients’ environments every day and make technology actually function.
The triangle is out of balance.
The people-process-technology triangle has been a foundational concept in operations for decades. All three legs have to be present and proportional for any system to work. What’s happened in the last ten years is that one leg has been growing while the other two have been largely left to fend for themselves.
The data on this is stark. Research from BCG and McKinsey consistently shows that 70% of digital transformation initiatives fail to meet their objectives. McKinsey’s own research describes successful digital transformation as being 20% technology and 80% organizational change — yet most companies flip this ratio entirely, allocating the majority of budget to technology while treating change management as an afterthought. Organizations that invest in cultural change see 5.3 times higher success rates than those focused only on technology.
Read that again. The evidence has been there for years. Most technology failures aren’t technology failures. They’re people and process failures wearing a technology mask. The EDR that nobody tuned. The SIEM generating alerts that no one has a workflow to act on. The zero-trust architecture deployed without the governance framework to support it.
The tool worked. The system around it didn’t.
Who’s shaping the conversation — and why.
The technology industry has a structural bias toward product. The economics demand it. A software license scales to a million seats. A managed service relationship doesn’t scale the same way. So the companies with the largest budgets have shaped the entire market conversation around the tool, the platform, the feature set.
The numbers are not subtle. Leading cybersecurity product companies report spending over $2.7 billion annually on sales and marketing alone — roughly 38% of total revenue, a ratio held consistent year over year. Compare that to the typical MSP: most are budgeting $3,000 to $5,000 per month on marketing, total. That is not a gap. That is a different universe.
The reach advantage is structural, not accidental. At many major industry conferences, speaking opportunities are explicitly linked to sponsorship. Through tiered packages, brands secure keynote slots and position themselves as thought leaders while engaging a captive audience of the very buyers they’re selling to. Service providers grow on referrals and reputation. They don’t buy the stage.
The result is a market conversation almost entirely about technology — because technology is what generates the margins that fund that conversation. The providers doing the real work are largely absent from it.
The global managed services market sits between $300 billion and $365 billion today, on a trajectory toward over $1 trillion by 2033. Nearly 90% of small and mid-size businesses currently use an MSP or are actively considering it. In 2024, over 68% of global enterprises outsourced at least one component of their IT operations to managed service providers — with firms using MSPs reporting a 27% decrease in system downtime and a 19% reduction in IT operating costs.
This is not a niche market playing a supporting role. This is the backbone of how modern organizations run their technology. And yet the voices shaping the industry narrative — the analyst relationships, the conference keynotes, the thought leadership platforms — are almost never service providers.
Clients today increasingly view MSPs not as outsourced IT vendors, but as trusted technology partners essential to business continuity. CIOs and CISOs already know this. The problem is that the broader industry conversation hasn’t caught up. MSPs and MSSPs are carrying two legs of a three-legged triangle and getting credit for none of it.
AI is about to shift the economics — and the opportunity.
For the first time, the automation and scale advantages that have always favored product companies are becoming accessible to service providers. 71% of MSPs are already using automation for routine tasks, with 66% citing it as a key to scaling operations without adding headcount, and 76% reporting increased efficiency as a direct result.
That is not a marginal improvement. That is a structural shift in what it costs to deliver managed services at quality — and it means the economics that kept service providers quiet are changing. A service company that can automate the repeatable work now has the capacity to invest in what it has always been best at: the judgment calls. The architecture decisions. The process design that makes the technology functional in a specific environment, with specific people, and specific constraints. The things no product can do, because products don’t know your business.
The managed security services market alone is projected to grow from $38.85 billion in 2025 to $69.20 billion by 2030. The demand is accelerating. The clients are ready for a more strategic relationship. The only thing missing is the voice to claim it.
This is my stake in the ground.
I co-founded Catalyst Shift because I believe service providers are the most underleveraged force in the technology industry. Not because they lack capability — but because they’ve been too busy delivering to stop and lead.
The world is becoming more complex, more connected, and more dependent on technology working the way it’s supposed to. That means it’s becoming more dependent on the people who make technology work. More dependent on the process that turns a vendor’s promise into a client’s outcome. More dependent on service providers who wake up every morning thinking about operational resilience, not product roadmaps.
A more secure, more productive, more innovative world — for our organizations, our communities, and the generations who will inherit what we build — requires all three legs of the triangle standing at equal height. Technology is one of them. The people who implement it, operate it, and make it functional inside real organizations with real constraints are the other two.
That work deserves a seat at the table where the conversation happens.
If you’re an MSP or MSSP who has felt this, seen it, and is ready to say it out loud — I want to hear from you. Not to sell you anything. To find the people who are thinking about this the same way and are ready to use that voice.
The triangle works when all three legs are standing. It’s time we started talking about the other two.